diff options
Diffstat (limited to 'ui/gtk/decode_as_dcerpc.c')
| -rw-r--r-- | ui/gtk/decode_as_dcerpc.c | 426 |
1 files changed, 426 insertions, 0 deletions
diff --git a/ui/gtk/decode_as_dcerpc.c b/ui/gtk/decode_as_dcerpc.c new file mode 100644 index 0000000000..202e73a8a7 --- /dev/null +++ b/ui/gtk/decode_as_dcerpc.c @@ -0,0 +1,426 @@ +/* decode_as_dcerpc.c + * + * $Id$ + * + * Routines to modify dcerpc bindings on the fly. + * + * Copyright 2004 Ulf Lamping + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif +#include <string.h> + +#include <gtk/gtk.h> + +#include <epan/packet.h> +#include <epan/epan_dissect.h> +#include <epan/dissectors/packet-dcerpc.h> + +#include "../simple_dialog.h" + +#include "ui/gtk/decode_as_dlg.h" +#include "ui/gtk/dlg_utils.h" +#include "ui/gtk/gui_utils.h" +#include "ui/gtk/decode_as_dcerpc.h" + + +/**************************************************/ +/* Typedefs & Enums */ +/**************************************************/ + +/* list of dcerpc "Decode As" bindings */ +GSList *decode_dcerpc_bindings = NULL; + +/**************************************************/ +/* Global Functions */ +/**************************************************/ + +/* inject one of our bindings into the dcerpc binding table */ +static void +decode_dcerpc_inject_binding(gpointer data, gpointer user_data _U_) +{ + dcerpc_add_conv_to_bind_table((decode_dcerpc_bind_values_t *) data); +} + + +/* inject all of our bindings into the dcerpc binding table */ +static void +decode_dcerpc_inject_bindings(gpointer data _U_) { + g_slist_foreach(decode_dcerpc_bindings, decode_dcerpc_inject_binding, NULL /* user_data */); +} + + +/* init this file */ +void +decode_dcerpc_init(void) { + GHook* hook_init_proto; + + + /* add a hook function to the dcerpc init_protocols hook */ + hook_init_proto = g_hook_alloc(&dcerpc_hooks_init_protos); + hook_init_proto->func = decode_dcerpc_inject_bindings; + g_hook_prepend(&dcerpc_hooks_init_protos, hook_init_proto); +} + + +/* clone a binding (uses g_malloc) */ +static decode_dcerpc_bind_values_t * +decode_dcerpc_binding_clone(decode_dcerpc_bind_values_t *binding_in) +{ + decode_dcerpc_bind_values_t *stored_binding; + + stored_binding = g_malloc(sizeof(decode_dcerpc_bind_values_t)); + *stored_binding = *binding_in; + COPY_ADDRESS(&stored_binding->addr_a, &binding_in->addr_a); + COPY_ADDRESS(&stored_binding->addr_b, &binding_in->addr_b); + stored_binding->ifname = g_string_new(binding_in->ifname->str); + + return stored_binding; +} + + +/* free a binding */ +void +decode_dcerpc_binding_free(void *binding_in) +{ + decode_dcerpc_bind_values_t *binding = binding_in; + + g_free((void *) binding->addr_a.data); + g_free((void *) binding->addr_b.data); + if(binding->ifname) + g_string_free(binding->ifname, TRUE); + g_free(binding); +} + + +/* compare two bindings (except the interface related things, e.g. uuid) */ +static gint +decode_dcerpc_binding_cmp(gconstpointer a, gconstpointer b) +{ + const decode_dcerpc_bind_values_t *binding_a = a; + const decode_dcerpc_bind_values_t *binding_b = b; + + + /* don't compare uuid and ver! */ + if( + ADDRESSES_EQUAL(&binding_a->addr_a, &binding_b->addr_a) && + ADDRESSES_EQUAL(&binding_a->addr_b, &binding_b->addr_b) && + binding_a->ptype == binding_b->ptype && + binding_a->port_a == binding_b->port_a && + binding_a->port_b == binding_b->port_b && + binding_a->ctx_id == binding_b->ctx_id && + binding_a->smb_fid == binding_b->smb_fid) + { + /* equal */ + return 0; + } + + /* unequal */ + return 1; +} + + +/**************************************************/ +/* Show Changed Bindings */ +/**************************************************/ + + +/* add a single binding to the Show list */ +static void +decode_dcerpc_add_show_list_single(gpointer data, gpointer user_data) +{ + gchar string1[20]; + + + decode_dcerpc_bind_values_t *binding = data; + + g_snprintf(string1, sizeof(string1), "ctx_id: %u", binding->ctx_id); + + decode_add_to_show_list ( + user_data, + "DCE-RPC", + string1, + "-", + binding->ifname->str); +} + + +/* add all bindings to the Show list */ +void +decode_dcerpc_add_show_list(gpointer user_data) +{ + g_slist_foreach(decode_dcerpc_bindings, decode_dcerpc_add_show_list_single, user_data); +} + + +/**************************************************/ +/* Modify the binding routines */ +/**************************************************/ + + +/* removes all bindings */ +void +decode_dcerpc_reset_all(void) +{ + decode_dcerpc_bind_values_t *binding; + + while(decode_dcerpc_bindings) { + binding = decode_dcerpc_bindings->data; + + decode_dcerpc_binding_free(binding); + decode_dcerpc_bindings = g_slist_remove( + decode_dcerpc_bindings, + decode_dcerpc_bindings->data); + } +} + + +/* remove a binding (looking the same way as the given one) */ +static void +decode_dcerpc_binding_reset( +const gchar *table_name _U_, +decode_dcerpc_bind_values_t *binding) +{ + GSList *le; + decode_dcerpc_bind_values_t *old_binding; + + + /* find the old binding (if it exists) */ + le = g_slist_find_custom(decode_dcerpc_bindings, + binding, + decode_dcerpc_binding_cmp); + if(le == NULL) + return; + + old_binding = le->data; + + decode_dcerpc_bindings = g_slist_remove(decode_dcerpc_bindings, le->data); + + g_free((void *) old_binding->addr_a.data); + g_free((void *) old_binding->addr_b.data); + g_string_free(old_binding->ifname, TRUE); + g_free(old_binding); +} + + +/* a binding has changed (remove a previously existing one) */ +static void +decode_dcerpc_binding_change( +const gchar *table_name, +decode_dcerpc_bind_values_t *binding) +{ + + decode_dcerpc_bind_values_t *stored_binding; + + /* remove a probably existing old binding */ + decode_dcerpc_binding_reset(table_name, binding); + + /* clone the new binding and append it to the list */ + stored_binding = decode_dcerpc_binding_clone(binding); + decode_dcerpc_bindings = g_slist_append (decode_dcerpc_bindings, stored_binding); +} + + +/* a binding has changed (add/replace/remove it) */ +static void +decode_change_one_dcerpc_binding(const gchar *table_name, decode_dcerpc_bind_values_t *binding, GtkWidget *list) +{ + dcerpc_uuid_key *key; + gchar *abbrev; + GtkTreeSelection *selection; + GtkTreeModel *model; + GtkTreeIter iter; + + selection = gtk_tree_view_get_selection(GTK_TREE_VIEW(list)); + if (gtk_tree_selection_get_selected(selection, &model, &iter) == FALSE) + { + abbrev = NULL; + key = NULL; + } else { + gtk_tree_model_get(model, &iter, E_LIST_S_PROTO_NAME, &abbrev, + E_LIST_S_TABLE+1, &key, -1); + } + + if (key == NULL || (abbrev != NULL && strcmp(abbrev, "(default)") == 0) ) { + decode_dcerpc_binding_reset(table_name, binding); + } else { + binding->ifname = g_string_new(abbrev); + binding->uuid = key->uuid; + binding->ver = key->ver; + decode_dcerpc_binding_change(table_name, binding); + } + g_free(abbrev); +} + + + +/**************************************************/ +/* Action routines for the "Decode As..." dialog */ +/* - called when the OK button pressed */ +/**************************************************/ + +/* + * This routine is called when the user clicks the "OK" button in the + * "Decode As..." dialog window and the DCE-RPC page is foremost. + * This routine takes care of making any changes requested to the DCE-RPC + * binding tables. + * + * @param notebook_pg A pointer to the "DCE-RPC" notebook page. + */ +static void +decode_dcerpc(GtkWidget *notebook_pg) +{ + GtkWidget *list; + const gchar *table_name; + decode_dcerpc_bind_values_t *binding; + + + list = g_object_get_data(G_OBJECT(notebook_pg), E_PAGE_LIST); + if (requested_action == E_DECODE_NO) + gtk_tree_selection_unselect_all(gtk_tree_view_get_selection(GTK_TREE_VIEW(list))); + + binding = g_object_get_data(G_OBJECT(notebook_pg), E_PAGE_BINDING); + + /*table_name = g_object_get_data(G_OBJECT(notebook_pg), E_PAGE_TABLE);*/ + table_name = "DCE-RPC"; + decode_change_one_dcerpc_binding(table_name, binding, list); +} + + +/**************************************************/ +/* Dialog setup */ +/**************************************************/ + + +/* add an interface to the list */ +static void +decode_dcerpc_add_to_list(gpointer key, gpointer value, gpointer user_data) +{ + /*dcerpc_uuid_key *k = key;*/ + dcerpc_uuid_value *v = value; + + if(strcmp(v->name, "(none)")) + decode_add_to_list("DCE-RPC", v->name, key, user_data); +} + + +/* add all interfaces to the list */ +static GtkWidget * +decode_add_dcerpc_menu (GtkWidget *page, const gchar *table_name _U_) +{ + GtkWidget *scrolled_window; + GtkWidget *list; + + decode_list_menu_start(page, &list, &scrolled_window); + g_hash_table_foreach(dcerpc_uuids, decode_dcerpc_add_to_list, list); + decode_list_menu_finish(list); + return(scrolled_window); +} + + +/* add a DCE-RPC page to the notebook */ +GtkWidget * +decode_dcerpc_add_page (packet_info *pinfo) +{ + GtkWidget *page_hb, *info_vb, *label, *scrolled_window; + GString *gs = g_string_new(""); + GString *gs2 = g_string_new(""); + decode_dcerpc_bind_values_t *binding; + + + /* clone binding */ + binding = g_malloc(sizeof(decode_dcerpc_bind_values_t)); + COPY_ADDRESS(&binding->addr_a, &pinfo->src); + COPY_ADDRESS(&binding->addr_b, &pinfo->dst); + binding->ptype = pinfo->ptype; + binding->port_a = pinfo->srcport; + binding->port_b = pinfo->destport; + binding->ctx_id = pinfo->dcectxid; + binding->smb_fid = dcerpc_get_transport_salt(pinfo); + binding->ifname = NULL; + /*binding->uuid = NULL;*/ + binding->ver = 0; + + /* create page content */ + page_hb = gtk_hbox_new(FALSE, 5); + g_object_set_data(G_OBJECT(page_hb), E_PAGE_ACTION, decode_dcerpc); + g_object_set_data(G_OBJECT(page_hb), E_PAGE_TABLE, "DCE-RPC"); + g_object_set_data(G_OBJECT(page_hb), E_PAGE_TITLE, "DCE-RPC"); + g_object_set_data(G_OBJECT(page_hb), E_PAGE_BINDING, binding); + + info_vb = gtk_vbox_new(FALSE, 5); + gtk_box_pack_start(GTK_BOX(page_hb), info_vb, TRUE, TRUE, 0); + + /* Always enabled */ + label = gtk_label_new("Replace binding between:"); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + + switch(binding->ptype) { + case(PT_TCP): + g_string_printf(gs2, "TCP port"); + break; + case(PT_UDP): + g_string_printf(gs2, "UDP port"); + break; + default: + g_string_printf(gs2, "Unknown port type"); + } + + /* XXX - how to print the address binding->addr_a? */ + g_string_printf(gs, "Address: ToBeDone %s: %u", gs2->str, binding->port_a); + label = gtk_label_new(gs->str); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + + label = gtk_label_new("&"); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + + /* XXX - how to print the address binding->addr_b? */ + g_string_printf(gs, "Address: ToBeDone %s: %u", gs2->str, binding->port_b); + label = gtk_label_new(gs->str); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + + label = gtk_label_new("&"); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + + g_string_printf(gs, "Context ID: %u", binding->ctx_id); + label = gtk_label_new(gs->str); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + + label = gtk_label_new("&"); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + gtk_widget_set_sensitive(label, binding->smb_fid); + + g_string_printf(gs, "SMB FID: %u", binding->smb_fid); + label = gtk_label_new(gs->str); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + gtk_widget_set_sensitive(label, binding->smb_fid); + + /* Conditionally enabled - only when decoding packets */ + label = gtk_label_new("with:"); + gtk_box_pack_start(GTK_BOX(info_vb), label, TRUE, TRUE, 0); + + decode_dimmable = g_slist_prepend(decode_dimmable, label); + scrolled_window = decode_add_dcerpc_menu(page_hb, "dcerpc" /*table_name*/); + gtk_box_pack_start(GTK_BOX(page_hb), scrolled_window, TRUE, TRUE, 0); + decode_dimmable = g_slist_prepend(decode_dimmable, scrolled_window); + + g_string_free(gs, TRUE); + + return(page_hb); +} |